nexus-proposal-scout
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches organizational policy files (PHASE.md) from GitHub. This operation utilizes the official gh CLI to interact with a well-known service for configuration purposes.
- [COMMAND_EXECUTION]: Employs the probe CLI for scouting ideas and submitting proposals. It also uses standard utilities like cat and base64 to process local files and API responses as part of its core workflow.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it ingests untrusted data from GitHub (guidelines and issue titles) and processes it to generate proposals without explicit delimiters or sanitization.
- Ingestion points: PHASE.md content and GitHub issue titles retrieved via the gh API.
- Boundary markers: Absent; external content is interpolated directly into the context used for drafting proposals.
- Capability inventory: probe message send (messaging), probe idea propose (submitting executable ideas).
- Sanitization: Absent; the skill relies on the agent to interpret and rephrase the external content.
Audit Metadata